diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-17 04:41:37 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-17 04:41:37 +0000 |
| commit | 04faa3a6b4673afb18bac292472f55d3828e656a (patch) | |
| tree | 5b26b36d6553d8766afd19166ce11ad403537a0b /usr.bin/file/file.c | |
| parent | smtpd starts rather robustly with a gigantic pledge request group (keep (diff) | |
| download | wireguard-openbsd-04faa3a6b4673afb18bac292472f55d3828e656a.tar.xz wireguard-openbsd-04faa3a6b4673afb18bac292472f55d3828e656a.zip | |
The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd"
early on, then a set of getpwnam/setresuid/... before quickly dropping to
"stdio recvfd". It receives fd's and runs the magic code on them in a
chroot'd "stdio" jail. We can do better than that.
Before the recent change, "proc" contained both the concepts of "forking"
and "setuid". "id" is now split out as a seperate request, and it is
exactly what this process needs momentarily. So this loses another window
of opportunity, in case we have a major bug in .... hmm, it'd have to be
in getpwnam....
ok tedu doug semarie gilles
Diffstat (limited to 'usr.bin/file/file.c')
| -rw-r--r-- | usr.bin/file/file.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c index 65ae402286d..4462cbddf88 100644 --- a/usr.bin/file/file.c +++ b/usr.bin/file/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.52 2015/10/09 01:37:07 deraadt Exp $ */ +/* $OpenBSD: file.c,v 1.53 2015/10/17 04:41:37 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -351,7 +351,7 @@ child(int fd, pid_t parent, int argc, char **argv) int i, idx; size_t len, width = 0; - if (pledge("stdio getpw proc recvfd", NULL) == -1) + if (pledge("stdio getpw recvfd id", NULL) == -1) err(1, "pledge"); if (geteuid() == 0) { |